| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <6b4fe6ca-e18b-4843-aeaf-224ee01d3067@rowland.harvard.edu> Date: Sat, 15 Mar 2025 14:40:38 -0400 From: Alan Stern <stern@...land.harvard.edu> To: daixin_tkzc <daixin_tkzc@....com> Cc: Matthew Dharm <mdharm-usb@...-eyed-alien.net>, Greg KH <gregkh@...uxfoundation.org>, linux-usb@...r.kernel.org, usb-storage@...ts.one-eyed-alien.net, linux-kernel@...r.kernel.org Subject: Re: Re: Re: [usb-storage] Re:Re:[PATCH] usb: storage: Fix `us->iobuf` size for BOT transmission to prevent memory overflow On Sat, Mar 15, 2025 at 07:20:37PM +0800, daixin_tkzc wrote: > I'm sorry you may have misunderstood me. > > > HCTSIZ register only reflects the transfer size for the Host Channel (between host and device). The dwc_otg manual explains it as follows: > Non-Scatter/Gather DMA Mode: > Transfer Size (XferSize) > For an OUT, this field is the number of data bytes the host sends > during the transfer. > For an IN, this field is the buffer size that the application has > Reserved for the transfer. The application is expected to program > this field as an integer multiple of the maximum packet size for IN > transactions (periodic and non-periodic). In that case, the dwc_otg driver needs to use a 512-byte bounce buffer. The driver must _guarantee_ that no more than 13 bytes will be written to the URB's transfer_buffer if the URB's transfer_length is 13. If the hardware cannot provide this guarantee then the driver must work around the hardware's deficiencies. That is how the kernel's USB API is designed. Alan Stern
Powered by blists - more mailing lists